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Skybox View enables 
customers to transform raw 
configuration and security 
data into actionable business 
intelligence and provides 
analytical and predictive 
capability, simulation, work- 
flow man-agement, what-if, 
and decision-support analysis. 
This data is analyzed in 
order to generate accurate 
risk and control assessments 
and reports in order to make 
decisions and prioritize 
actions. 
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NETWORK MODELING AND RISK PRIORITIZATION WITH 
QUALYSGUARD® AND SKYBOX VIEW® 


The integration of Skybox View with QualysGuard vulnerability management 
data provides customers with the following capabilities and benefits: 


Network modeling 

Integration generates a network model that incorporates vulnerability information and 
network device information (e.g. firewall and routers). In depth analysis of this model is 
possible including attack and access simulation that can accurately reveal all possible 
attack paths from potential threats as well as measure their impact on the enterprise’s 
critical business assets. 


Continuous and automated vulnerability assessment 

The integration with QualysGuard provides real-time update of asset vulnerability data. As 
new hosts and vulnerabilities are discovered by QualysGuard, this information becomes 
immediately available to the Skybox View risk assessment engine in order to automatically 
evaluate the change in risk exposure. 


Risk metrics and prioritization 

Risk metrics are based on the risk that a vulnerability imposes on critical business assets 
depending on its exposure to potential attackers inside and outside the organization’s 
network. Vulnerabilities that can be exploited by potential attackers in one step (direct 
exposure) or more than one step (indirect exposure). Each of these can result in different 
levels of risk based on ease of exploit, value of the target business asset and impacts due 
to breaches of confidentiality, integrity or availability. 


Firewall and regulatory compliance 

The integration allows in-depth analysis of complex firewall rules in addition to automating 
the process of auditing firewalls. On-demand audits take only a few minutes, streamlining 
regulatory compliance (PCI, FISMA, etc.). In addition, network access and connectivity 
issues are continuously analyzed. 


Qualys Integration with Skybox View 


How it Works About Skybox 

Skybox Security provides automated 
risk assessment and compliance analysis 
software to global organizations. The 
company’s customers are the who’s 
who of the world’s leading organizations 
with mission-critical global networks. 


The integration with QualysGuard provides real-time updates of asset vulnerability data. As 
new hosts and vulnerabilities are discovered by QualysGuard, this information becomes 
immediately available to the Skybox View risk assessment engine in order to automatically 
evaluate the change in risk exposure. 
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protect their hard-earned reputation 
and irreplaceable brand by accurately 
pinpointing and prioritizing high areas of 
risk and compliance exposures in 
minutes versus weeks or months. 
Skybox Security markets two product 
lines: Skybox Secure and Skybox 
Assure - both supported by a common, 
scalable platform called Skybox View. 
For more information visit 
www.skyboxsecurity.com. 


About Qualys 

Qualys, Inc. is the leading provider of 
on demand IT security risk and compli- 
ance management solutions — delivered 
as a service. Qualys’ Software-as-a- 
Service solutions are deployed in a 
matter of hours anywhere in the world, 
providing customers an immediate and 


Figure 1: Network Modeling to Show Attacks on Critical Assets 


1. Vulnerabilities - Severity, Risk and Exposure continuous view of their security and 
This section displays the Vulnerabilities distributed by Severity, Risk and Exposure level. compliance postures. The QualysGuard 
"Exposed Vulnerabilities" are Vulnerabilities that can be accessed from Threat Origins in š 

one step (Direct) or more (Indirect), while "Not Exposed Vulnerabilities" are mitigated service is used today by more than 


Vulnerabilities that are inaccessible from the defined Threat Origins. 3,500 organizations in 85 countries, 


Exposed Vulnerabilities - Severity including 35 of the Fortune Global 100 

High and performs more than 200 million IP 
audits per year. Qualys has the largest 
vulnerability management deployment 
in the world at a Fortune Global 50 
company. Qualys has established stra- 
tegic agreements with leading managed 
service providers and consulting organi- 
zations including BT, Etisalat, Fujitsu, 
IBM, \(TS)2, LAC, SecureWorks, 
Symantec, TELUS and VeriSign. For 
more information, please visit 
www.qualys.com. 
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Figure 2: Summary of Vulnerability Assessment Data from QualysGuard 


USA - Qualys, Inc. * 1600 Bridge Parkway, Redwood Shores, CA 94065 e T: 1 (650) 801 6100 © sales@qualys.com 

UK - Qualys, Ltd. * 224 Berwick Avenue, Slough, Berkshire, SL1 4QT e» T: +44 (0) 1753 872101 A 

Germany - Qualys GmbH ¢ München Airport, Terminalstrasse Mitte 18, 85356 München « T: +49 (0) 89 97007 146 

France — Qualys Technologies ° Maison de la Défense, 7 Place de la Défense, 92400 Courbevoie « T: +33 (0) 1 41 97 35 70 Wo EMAND SECURITY 
Q U A LYS Japan - Qualys Japan K.K. © Pacific Century Place 8F, 1-11-1 Marunouchi, Chiyoda-ku, 100-6208 Tokyo * T: +81 3 6860 8296 


Hong Kong - Qualys Hong Kong Ltd. ¢ 2/F, Shui On Centre, 6-8 Harbour Road, Wanchai, Hong Kong ° T: +852 2824 8488 
www.qualys.com 


© Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. 09/08 


